parse-community · mtrezza · Sep 27, 2022 · Sep 6, 2022 · Sep 6, 2022 · Sep 8, 2022
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -6,18 +6,18 @@ on:
     branches:
       - '**'
 env:
-  NODE_VERSION: 16.10.0
+  NODE_VERSION: 18.9.0
 jobs:
   check-ci:
     name: Node Engine Check
     timeout-minutes: 15
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
       - name: Use Node.js ${{ env.NODE_VERSION }}
         uses: actions/setup-node@v1
         with:
-          node-version: ${{ env.node-version }}
+          node-version: ${{ env.NODE_VERSION }}
       - name: Cache Node.js modules
         uses: actions/cache@v2
         with:
@@ -32,13 +32,13 @@ jobs:
   check-lint:
     name: Lint
     timeout-minutes: 15
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
       - name: Use Node.js ${{ env.NODE_VERSION }}
         uses: actions/setup-node@v1
         with:
-          node-version: ${{ env.node-version }}
+          node-version: ${{ env.NODE_VERSION }}
       - name: Cache Node.js modules
         uses: actions/cache@v2
         with:
@@ -52,13 +52,13 @@ jobs:
   check-circular:
      name: Circular Dependencies
      timeout-minutes: 5
-     runs-on: ubuntu-18.04
+     runs-on: ubuntu-latest
      steps:
       - uses: actions/checkout@v2
       - name: Use Node.js ${{ env.NODE_VERSION }}
         uses: actions/setup-node@v1
         with:
-          node-version: ${{ env.node-version }}
+          node-version: ${{ env.NODE_VERSION }}
       - name: Cache Node.js modules
         uses: actions/cache@v2
         with:
@@ -86,7 +86,7 @@ jobs:
       fail-fast: false
     name: ${{ matrix.name }}
     timeout-minutes: 15
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
       - name: Set up QEMU
@@ -100,7 +100,7 @@ jobs:
   check-lock-file-version:
     name: NPM Lock File Version
     timeout-minutes: 5
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
       - name: Check NPM lock file version
@@ -114,13 +114,15 @@ jobs:
           - name: Node 12
             NODE_VERSION: 12.22.12
           - name: Node 14
-            NODE_VERSION: 14.19.2
+            NODE_VERSION: 14.20.0
           - name: Node 16
-            NODE_VERSION: 16.10.0
+            NODE_VERSION: 16.17.0
+          - name: Node 18
+            NODE_VERSION: 18.9.0
       fail-fast: false
     name: ${{ matrix.name }}
     timeout-minutes: 15
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     env:
       NODE_VERSION: ${{ matrix.NODE_VERSION }}
     steps:

diff --git a/.github/workflows/release-automated.yml b/.github/workflows/release-automated.yml
@@ -38,7 +38,7 @@ jobs:
     env:
       REGISTRY: docker.io
       IMAGE_NAME: parseplatform/parse-dashboard
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write

diff --git a/.github/workflows/release-manual-docker.yml b/.github/workflows/release-manual-docker.yml
@@ -8,13 +8,13 @@ on:
     inputs:
       ref:
         default: ''
-        description: 'Reference (tag / SHA):'  
+        description: 'Reference (tag / SHA):'
 env:
   REGISTRY: docker.io
   IMAGE_NAME: parseplatform/parse-dashboard
 jobs:
   build:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write

diff --git a/Parse-Dashboard/Authentication.js b/Parse-Dashboard/Authentication.js
@@ -30,13 +30,13 @@ function initialize(app, options) {
         otpCode: req.body.otpCode
       });
       if (!match.matchingUsername) {
-        return cb(null, false, { message: 'Invalid username or password' });
-      }
-      if (match.otpMissing) {
-        return cb(null, false, { message: 'Please enter your one-time password.' });
+        return cb(null, false, { message: JSON.stringify({ text: 'Invalid username or password' }) });
       }
       if (!match.otpValid) {
-        return cb(null, false, { message: 'Invalid one-time password.' });
+        return cb(null, false, { message: JSON.stringify({ text: 'Invalid one-time password.', otpLength: match.otpMissingLength || 6}) });
+      }
+      if (match.otpMissingLength) {
+        return cb(null, false, { message: JSON.stringify({ text: 'Please enter your one-time password.', otpLength: match.otpMissingLength || 6 })});
       }
       cb(null, match.matchingUsername);
     })
@@ -91,7 +91,7 @@ function authenticate(userToTest, usernameOnly) {
   let appsUserHasAccessTo = null;
   let matchingUsername = null;
   let isReadOnly = false;
-  let otpMissing = false;
+  let otpMissingLength = false;
   let otpValid = true;
 
   //they provided auth
@@ -104,17 +104,20 @@ function authenticate(userToTest, usernameOnly) {
       let usernameMatches = userToTest.name == user.user;
       if (usernameMatches && user.mfa && !usernameOnly) {
         if (!userToTest.otpCode) {
-          otpMissing = true;
+          otpMissingLength = user.mfaDigits || 6;
         } else {
           const totp = new OTPAuth.TOTP({
             algorithm: user.mfaAlgorithm || 'SHA1',
-            secret: OTPAuth.Secret.fromBase32(user.mfa)
+            secret: OTPAuth.Secret.fromBase32(user.mfa),
+            digits: user.mfaDigits,
+            period: user.mfaPeriod,
           });
           const valid = totp.validate({
             token: userToTest.otpCode
           });
           if (valid === null) {
             otpValid = false;
+            otpMissingLength = user.mfaDigits || 6;
           }
         }
       }
@@ -132,7 +135,7 @@ function authenticate(userToTest, usernameOnly) {
   return {
     isAuthenticated,
     matchingUsername,
-    otpMissing,
+    otpMissingLength,
     otpValid,
     appsUserHasAccessTo,
     isReadOnly,

diff --git a/Parse-Dashboard/CLI/mfa.js b/Parse-Dashboard/CLI/mfa.js
@@ -65,7 +65,19 @@ const generateSecret = ({ app, username, algorithm, digits, period }) => {
     secret
   });
   const url = totp.toString();
-  return { secret: secret.base32, url };
+  const config = { mfa: secret.base32 };
+  config.app = app;
+  config.url = url;
+  if (algorithm !== 'SHA1') {
+    config.mfaAlgorithm = algorithm;
+  }
+  if (digits != 6) {
+    config.mfaDigits = digits;
+  }
+  if (period != 30) {
+    config.mfaPeriod = period;
+  }
+  return { config };
 };
 const showQR = text => {
   const QRCode = require('qrcode');
@@ -77,7 +89,10 @@ const showQR = text => {
   });
 };
 
-const showInstructions = ({ app, username, passwordCopied, secret, url, encrypt, config }) => {
+const showInstructions = ({ app, username, passwordCopied, encrypt, config }) => {
+  const {secret, url} = config;
+  const mfaJSON = {...config};
+  delete mfaJSON.url;
   let orderCounter = 0;
   const getOrder = () => {
     orderCounter++;
@@ -90,7 +105,7 @@ const showInstructions = ({ app, username, passwordCopied, secret, url, encrypt,
 
   console.log(
     `\n${getOrder()}. Add the following settings for user "${username}" ${app ? `in app "${app}" ` : '' }to the Parse Dashboard configuration.` +
-    `\n\n   ${JSON.stringify(config)}`
+    `\n\n   ${JSON.stringify(mfaJSON)}`
   );
 
   if (passwordCopied) {
@@ -101,14 +116,14 @@ const showInstructions = ({ app, username, passwordCopied, secret, url, encrypt,
 
   if (secret) {
     console.log(
-      `\n${getOrder()}. Open the authenticator app to scan the QR code above or enter this secret code:` + 
-      `\n\n   ${secret}` + 
+      `\n${getOrder()}. Open the authenticator app to scan the QR code above or enter this secret code:` +
+      `\n\n   ${secret}` +
       '\n\n   If the secret code generates incorrect one-time passwords, try this alternative:' +
-      `\n\n   ${url}` + 
+      `\n\n   ${url}` +
       `\n\n${getOrder()}. Destroy any records of the QR code and the secret code to secure the account.`
     );
   }
-  
+
   if (encrypt) {
     console.log(
       `\n${getOrder()}. Make sure that "useEncryptedPasswords" is set to "true" in your dashboard configuration.` +
@@ -173,6 +188,7 @@ module.exports = {
       const salt = bcrypt.genSaltSync(10);
       data.pass = bcrypt.hashSync(data.pass, salt);
     }
+    const config = {};
     if (mfa) {
       const { app } = await inquirer.prompt([
         {
@@ -182,18 +198,13 @@ module.exports = {
         }
       ]);
       const { algorithm, digits, period } = await getAlgorithm();
-      const { secret, url } = generateSecret({ app, username, algorithm, digits, period });
-      data.mfa = secret;
-      data.app = app;
-      data.url = url;
-      if (algorithm !== 'SHA1') {
-        data.mfaAlgorithm = algorithm;
-      }
-      showQR(data.url);
+      const secret  =generateSecret({ app, username, algorithm, digits, period });
+      Object.assign(config, secret.config);
+      showQR(secret.config.url);
     }
-
-    const config = { mfa: data.mfa, user: data.user, pass: data.pass };
-    showInstructions({ app: data.app, username, passwordCopied: true, secret: data.mfa, url: data.url, encrypt, config });
+    config.user = data.user;
+    config.pass = data.pass ;
+    showInstructions({ app: data.app, username, passwordCopied: true, encrypt, config });
   },
   async createMFA() {
     console.log('');
@@ -212,14 +223,9 @@ module.exports = {
     ]);
     const { algorithm, digits, period } = await getAlgorithm();
 
-    const { url, secret } = generateSecret({ app, username, algorithm, digits, period });
-    showQR(url);
-
+    const { config } = generateSecret({ app, username, algorithm, digits, period });
+    showQR(config.url);
     // Compose config
-    const config = { mfa: secret };
-    if (algorithm !== 'SHA1') {
-      config.mfaAlgorithm = algorithm;
-    }
-    showInstructions({ app, username, secret, url, config });
+    showInstructions({ app, username, config });
   }
 };
diff --git a/Parse-Dashboard/app.js b/Parse-Dashboard/app.js
@@ -184,22 +184,22 @@ module.exports = function(config, options) {
         </div>`
       }
       res.send(`<!DOCTYPE html>
+      <html>
         <head>
           <link rel="shortcut icon" type="image/x-icon" href="${mountPath}favicon.ico" />
           <base href="${mountPath}"/>
           <script>
             PARSE_DASHBOARD_PATH = "${mountPath}";
           </script>
-        </head>
-        <html>
           <title>Parse Dashboard</title>
-          <body>
-            <div id="login_mount"></div>
-            ${errors}
-            <script id="csrf" type="application/json">"${req.csrfToken()}"</script>
-            <script src="${mountPath}bundles/login.bundle.js"></script>
-          </body>
-        </html>
+        </head>
+        <body>
+          <div id="login_mount"></div>
+          ${errors}
+          <script id="csrf" type="application/json">"${req.csrfToken()}"</script>
+          <script src="${mountPath}bundles/login.bundle.js"></script>
+        </body>
+      </html>
       `);
     });
 
@@ -212,20 +212,20 @@ module.exports = function(config, options) {
         res.append('username', req.user.matchingUsername);
       }
       res.send(`<!DOCTYPE html>
+      <html>
         <head>
           <link rel="shortcut icon" type="image/x-icon" href="${mountPath}favicon.ico" />
           <base href="${mountPath}"/>
           <script>
             PARSE_DASHBOARD_PATH = "${mountPath}";
           </script>
-        </head>
-        <html>
           <title>Parse Dashboard</title>
-          <body>
-            <div id="browser_mount"></div>
-            <script src="${mountPath}bundles/dashboard.bundle.js"></script>
-          </body>
-        </html>
+        </head>
+        <body>
+          <div id="browser_mount"></div>
+          <script src="${mountPath}bundles/dashboard.bundle.js"></script>
+        </body>
+      </html>
       `);
     });
   });

diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@
 [![Build Status](https://github.com/parse-community/parse-dashboard/workflows/ci/badge.svg?branch=alpha)](https://github.com/parse-community/parse-dashboard/actions?query=workflow%3Aci+branch%3Aalpha)
 [![Snyk Badge](https://snyk.io/test/github/parse-community/parse-dashboard/badge.svg)](https://snyk.io/test/github/parse-community/parse-dashboard)
 
-[![Node Version](https://img.shields.io/badge/nodejs-12,_14,_16-green.svg?logo=node.js&style=flat)](https://nodejs.org/)
+[![Node Version](https://img.shields.io/badge/nodejs-12,_14,_16,_18-green.svg?logo=node.js&style=flat)](https://nodejs.org/)
 [![auto-release](https://img.shields.io/badge/%F0%9F%9A%80-auto--release-9e34eb.svg)](https://github.com/parse-community/parse-dashboard/releases)
 
 [![npm latest version](https://img.shields.io/npm/v/parse-dashboard/latest.svg)](https://www.npmjs.com/package/parse-dashboard)
@@ -102,10 +102,10 @@ Parse Dashboard is continuously tested with the most recent releases of Node.js
 
 | Version    | Latest Version | End-of-Life | Compatible   |
 |------------|----------------|-------------|--------------|
-| Node.js 12 | 12.22.12        | April 2022  | ✅ Yes        |
-| Node.js 14 | 14.19.2        | April 2023  | ✅ Yes        |
-| Node.js 16 | 16.10.0        | April 2024  | ✅ Yes        |
-| Node.js 17 | 17.x           | June 2022   | ❌ Not tested |
+| Node.js 12 | 12.22.12       | April 2022  | ✅ Yes        |
+| Node.js 14 | 14.20.0        | April 2023  | ✅ Yes        |
+| Node.js 16 | 16.17.0        | April 2024  | ✅ Yes        |
+| Node.js 18 | 18.9.0         | May 2025    | ✅ Yes        |
 
 ## Configuring Parse Dashboard